What does the first line in the configuration do? And why can't i'am just write the ssl_bump peek all
acl step1 at_step SslBump1
ssl_bump peek step1
ssl_bump bump monitoredSites !serverIsBank
ssl_bump splice all
For example, as I understand it: A user with IP address 178.77.88.2 sends a request to server 77.88.9.9 through a proxy server. This is a TCP connection request. It is registered in sguid and ends up in the step1 list (although I don’t understand what is stored there, because at this step only addresses and ports are known). Next, the request goes through the second step of TLS ClientHello and the SNI is read (line 2). Then, if SNI is in the monitoredSites list but not in the serverIsBank list, then we bump it (line 3). All other SNIs are simply splice (line 4)
I read all the documentation but still don’t understand what this configuration does and why it is written this way